import json
from functools import wraps

from flask import request

from .jwt_handler import decode_jwt
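def _extract_bearer_token(header_value):
    """Return the credential from an ``Authorization: Bearer <token>`` value, or None.

    The scheme is matched case-insensitively (RFC 7235 auth-schemes are
    case-insensitive). Anything that is not exactly "<scheme> <one token>"
    - a different scheme, a bare "Bearer", or extra whitespace-separated
    parts - yields None so the caller can reject it explicitly instead of
    tripping over an IndexError from ``split(...)[1]``.
    """
    if not header_value:
        return None
    parts = header_value.split()
    if len(parts) != 2 or parts[0].lower() != 'bearer':
        return None
    return parts[1]


def check_jwt():
    """Authenticate the current request from its ``Authorization: Bearer <jwt>`` header.

    Returns:
        Whatever ``decode_jwt`` returns for the token (its decoded payload).

    Raises:
        Exception: when the header is absent, is not a well-formed Bearer
            credential, or ``decode_jwt`` rejects the token (invalid,
            expired, ...). ``auth_guard`` turns any exception raised here
            into a 401 whose body carries this message.
    """
    header = request.headers.get('Authorization')
    if not header:
        raise Exception('Missing access token')

    jwt = _extract_bearer_token(header)
    if jwt is None:
        # e.g. "Basic ..." or a bare "Bearer": reject up front rather than
        # letting a malformed header surface as an unrelated IndexError.
        raise Exception('invalid access token: expected "Authorization: Bearer <token>"')

    try:
        return decode_jwt(jwt)
    except Exception as e:
        # Chain the original cause so server-side logs keep the real reason;
        # the message is what the client sees in the 401 body.
        raise Exception(f'invalid access token: {e}') from e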
# Decorator for API routes: authenticates the request's bearer JWT and, when a role is given, requires it.
# Pattern adapted from:
# https://brunotatsuya.dev/blog/jwt-authentication-and-authorization-for-python-flask-rest-apis
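def _role_allowed(claims, role):
    """Return True when ``role`` is falsy or is listed in the token's ``roles`` claim.

    Membership is checked against a real collection: a missing or non-list
    ``roles`` claim grants nothing, and a bare string claim is treated as a
    single role rather than a substring haystack (so a required role
    "admin" never matches a claim of "superadmin").
    """
    if not role:
        return True
    # assumes decode_jwt returns the payload as a dict - TODO confirm
    roles = claims.get('roles')
    if isinstance(roles, str):
        roles = [roles]
    elif not isinstance(roles, (list, tuple, set, frozenset)):
        return False
    return role in roles


def auth_guard(role=None):
    """Decorator factory: authenticate a Flask route via JWT, optionally requiring a role.

    Args:
        role: when given, the request's token must list this value in its
            ``roles`` claim; otherwise any token that ``check_jwt`` accepts
            suffices.

    The decorated route answers with a JSON body and 401 when ``check_jwt``
    rejects the request (missing, malformed or invalid token) and with 403
    when the token is valid but lacks ``role``. Otherwise the wrapped route
    runs unchanged with its original arguments.
    """
    def wrapper(route_function):
        # wraps() keeps __name__ (Flask uses it as the endpoint name) plus
        # __doc__/__wrapped__, which copying __name__ by hand did not.
        @wraps(route_function)
        def decorated_function(*args, **kwargs):
            # Authentication gate: any failure becomes a 401 carrying check_jwt's message.
            try:
                user_data = check_jwt()
            except Exception as e:
                # json.dumps yields a str; set the mimetype ourselves so Flask does
                # not apply its default one, and advertise the expected scheme.
                return (
                    json.dumps({"message": f'{e}', "status": 401}),
                    401,
                    {"Content-Type": "application/json", "WWW-Authenticate": "Bearer"},
                )

            # Authorization gate: exact membership in the roles claim, never substring matching.
            if not _role_allowed(user_data, role):
                return (
                    json.dumps({"message": 'Authorization required.', "status": 403}),
                    403,
                    {"Content-Type": "application/json"},
                )

            # get on to original route
            return route_function(*args, **kwargs)

        return decorated_function

    return wrapper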